System Assurance

Name: System Assurance
Brand: Elsevier Science & Techn.
Price: 47.99 EUR
Availability: InStock

Beyond Detecting Vulnerabilities

(0 Bewertungen)15

480 Lesepunkte

eBook epub

Buch (kartoniert)65,49 €

47,99 €inkl. Mwst.

Sofort lieferbar (Download)

System Assurance teaches students how to use Object Management Group's (OMG) expertise and unique standards to obtain accurate knowledge about existing software and compose objective metrics for system assurance.

OMG's Assurance Ecosystem provides a common framework for discovering, integrating, analyzing, and distributing facts about existing enterprise software. Its foundation is the standard protocol for exchanging system facts, defined as the OMG Knowledge Discovery Metamodel (KDM). In addition, the Semantics of Business Vocabularies and Business Rules (SBVR) defines a standard protocol for exchanging security policy rules and assurance patterns. Using these standards together, students will learn how to leverage the knowledge of the cybersecurity community and bring automation to protect systems.

This book includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture, and code analysis guided by the assurance argument. A case study illustrates the steps of the System Assurance Methodology using automated tools.

This book is recommended for technologists from a broad range of software companies and related industries; security analysts, computer systems analysts, computer software engineers-systems software, computer software engineers- applications, computer and information systems managers, network systems and data communication analysts.

Provides end-to-end methodology for systematic, repeatable, and affordable System Assurance.
Includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture and code analysis guided by the assurance argument.
Case Study illustrating the steps of the System Assurance Methodology using automated tools.

Inhaltsverzeichnis

1;Front Cover;1 2;System AssuranceBeyond DetectingVulnerabilities;4 3;Copyright;5 4;Dedication;6 5;Contents;8 6;Foreword;14 7;Preface;16 8;Chapter 1: Why hackers know more about our systems;22 8.1;1.1. Operating In Cyberspace Involves Risks;22 8.2;1.2. Why Hackers Are Repeatedly Successful;24 8.3;1.3. What are the challenges in defending cybersystems?;25 8.4;1.4. Where Do We Go From Here?;34 8.5;1.5. Who Should Read This Book?;42 8.6;Bibliography;42 9;Chapter 2: Confidence as a product;44 9.1;2.1. Are You Confident That There Is No Black Cat In The Dark Room?;44 9.2;2.2. The Nature of Assurance;52 9.3;2.3. Overview of the assurance process;64 9.4;Bibliography;67 10;Chapter 3: How to build confidence;70 10.1;3.1. Assurance in the System Life Cycle;70 10.2;3.2. Activities of System Assurance Process;73 10.3;Bibliography;101 11;Chapter 4: Knowledge of system as an element of cybersecurity argument;102 11.1;4.1. What is System?;102 11.2;4.2. Boundaries of the System;103 11.3;4.3. Resolution of the system description;105 11.4;4.4. Conceptual Commitment for System Descriptions;106 11.5;4.5. System Architecture;108 11.6;4.6. Example of an Architecture Framework;111 11.7;4.7. Elements of a System;114 11.8;4.8. System Knowledge Involves Multiple Viewpoints;116 11.9;4.9. Concept of Operations (CONOP);119 11.10;4.10. Network Configuration;119 11.11;4.11. System Life Cycle and Assurance;121 11.12;Bibliography;130 12;Chapter 5: Knowledge of risk as an element of cybersecurity argument;132 12.1;5.1. Introduction;132 12.2;5.2. Basic Cybersecurity Elements;135 12.3;5.3. Common Vocabulary for threat identification;140 12.4;5.4. Systematic threat identification;160 12.5;5.5. Assurance Strategies;162 12.6;5.6. Assurance of the threat identification;166 12.7;Bibliography;167 13;Chapter 6: Knowledge of vulnerabilities as an element of cybersecurity argument;168 13.1;6.1. Vulnerability as a unit of Knowledge;168 13.2;6.2. Vulnerability databases;177 13.3;6.3. Vulnerability life cycle;184
13.4;6.4. NIST Security Content Automation Protocol (SCAP) Ecosystem;186 13.5;Bibliography;191 14;Chapter 7: Vulnerability patterns as a new assurance content;192 14.1;7.1. Beyond Current SCAP Ecosystem;192 14.2;7.2. Vendor-neutral vulnerability patterns;195 14.3;7.3. Software Fault Patterns;196 14.4;7.4. Example Software Fault Pattern;207 14.5;Bibliography;210 15;Chapter 8: OMG software assurance ecosystem;212 15.1;8.1. Introduction;212 15.2;8.2. OMG assurance ecosystem: toward collaborative cybersecurity;214 15.3;Bibliography;221 16;Chapter 9: Common fact model for assurance content;222 16.1;9.1. Assurance Content;222 16.2;9.2. The Objectives;224 16.3;9.3. Design Criteria for Information Exchange Protocols;225 16.4;9.4. Trade-offs;226 16.5;9.5. Information Exchange Protocols;227 16.6;9.6. The Nuts and Bolts of Fact Models;229 16.7;9.7. The Representation of Facts;241 16.8;9.8. The Common Schema;247 16.9;9.9. System Assurance Facts;248 16.10;Bibliography;252 17;Chapter 10: Linguistic models;254 17.1;10.1. Fact Models and Linguistic Models;254 17.2;10.2. Background;256 17.3;10.3. Overview of SBVR;257 17.4;10.4. How to Use SBVR;258 17.5;10.5. SBVR Vocabulary for Describing Elementary Meanings;262 17.6;10.6. SBVR Vocabulary for Describing Representations;266 17.7;10.7. SBVR Vocabulary for Describing Extensions;268 17.8;10.8. Reference schemes;268 17.9;10.9. SBVR Semantic Formulations;269 17.10;Bibliography;273 18;Chapter 11: Standard protocol for exchanging system facts;274 18.1;11.1. Background;274 18.2;11.2. Organization of the KDM Vocabulary;275 18.3;11.3. The Process of Discovering System Facts;278 18.4;11.4. Discovering the Baseline System Facts;281 18.5;11.5. Performing Architecture Analysis;313 18.6;Bibliography;321 19;Chapter 12: Case study;322 19.1;12.1. Introduction;322 19.2;12.2. Background;323 19.3;12.3. Concepts of Operations;323 19.4;12.4. Business Vocabulary and Security Policy for Clicks2Bricks in SBVR;329 19.5;12.5. Building the Integrated System Mod
el;340 19.6;12.6. Mapping Cybersecurity Facts to System Facts;348 19.7;12.7. Assurance Case;351 19.8;Bibliography;357 20;Index;358

Mehr aus dieser Reihe

SOA and Web Services Interface Design

James Bean

eBook epub

48,99 €*

Systems Engineering with SysML/UML

Tim Weilkiens

eBook epub

43,99 €*

Modeling and Analysis of Real-Time and Embedded Systems with UML and MARTE

Bran Selic, Sebastien Gerard

eBook epub

45,99 €*

Modeling Enterprise Architecture with TOGAF

Philippe Desfray, Gilbert Raymond

eBook epub

38,99 €*

Interaction Flow Modeling Language

Marco Brambilla, Piero Fraternali

eBook epub

45,99 €*

Master Data Management

David Loshin

eBook epub

43,99 €*

Information Systems Transformation

William M. Ulrich, Philip Newcomb

Building the Agile Enterprise

Fred A. Cummins

eBook epub

43,99 €*

Building the Agile Enterprise

Fred A. Cummins

eBook epub

42,99 €*

A Practical Guide to SysML

Sanford Friedenthal, Alan Moore, Rick Steiner

eBook epub

45,99 €*

Produktdetails

Erscheinungsdatum

29. Dezember 2010

Sprache

englisch

Seitenanzahl

368

Reihe

The MK/OMG Press

Autor/Autorin

Nikolai Mansourov, Djenana Campara

Verlag/Hersteller

Elsevier Science & Techn.

Kopierschutz

mit Wasserzeichen versehen

Produktart

EBOOK

Dateiformat

EPUB

ISBN

9780123814159

Entdecken Sie mehr

Betriebswirtschaft und Management

Informationstechnik (IT), allgemeine Themen

Betriebswirtschaft und Management

Informationstechnik (IT), allgemeine Themen

Portrait

Nikolai Mansourov

Nikolai Mansourov is recognized worldwide for his work in the areas of automatic code generation and using formal specifications in both forward and reverse engineering. Prior to joining KDM Analytics, Dr. Mansourov was the Chief Scientist and Chief Architect at Klocwork Inc, where he significantly helped build the company's credibility. Dr. Mansourov also was a department head at the Institute for System Programming, Russian Academy of Sciences, where he was responsible for numerous groundbreaking research projects in advanced software development for industry leaders Nortel Networks and Telelogic. Dr. Mansourov has published over 50 research papers and is a frequent speaker as well as member of program committees at various international research forums. He is a founding member of the World-Wide Institute of Software Architects WWISA. His impact on the industry continues through his participation on several standards bodies, including the ITU-T and Object Management Group. Dr. Mansourov is one of the first OMG-certified UML Advanced Professionals and a member of the UML2 standardization team. Dr. Mansourov is the Editor of the OMG Knowledge Discovery Metamodel (KDM) specification and the Chair of the OMG Revision Task Force for KDM. Djenana Campara has 20+ years of experience and leadership in the software engineering field. Ms. Campara is a member of the Board of Directors of the Object Management Group (OMG). Djenana Campara chairs the OMG Architecture-Driven Modernization Task Force and Software Assurance Special Interests Group, and serves as a board member on the Canadian Consortium of Software Engineering Research (CSER). Previously, Djenana was CTO of Klocwork and chairwoman of Klocwork's Board of Directors. Djenana founded the company in 2001 as a successful Nortel Networks spin off. She has served as Klocwork's chief executive officer, securing the company's first round of funding as well as closing its first customers. She has been awarded four US patents for her groundbreaking static analysis techniques implemented in Klocwork's products. She has published a number of papers on software transformations, has been quoted in publications, including The Economist and Secure Computing, and has participated in Fortune Magazine's "Brainstorm 2003," an international conference of the world's most creative leaders.

Bewertungen

0 Bewertungen

Es wurden noch keine Bewertungen abgegeben. Schreiben Sie die erste Bewertung zu "System Assurance" und helfen Sie damit anderen bei der Kaufentscheidung.